From: Yu Kuai <yukuai3@huawei.com>
Date: Tue, 10 Nov 2020 01:14:43 +0000 (+0800)
Subject: net: xfrm: fix memory leak in xfrm_user_policy()
X-Git-Tag: v5.10~23^2~19^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=48f486e13ffdb49fbb9b38c21d0e108ed60ab1a2;p=thirdparty%2Flinux.git

net: xfrm: fix memory leak in xfrm_user_policy()

if xfrm_get_translator() failed, xfrm_user_policy() return without
freeing 'data', which is allocated in memdup_sockptr().

Fixes: 96392ee5a13b ("xfrm/compat: Translate 32-bit user_policy from sockptr")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Yu Kuai <yukuai3@huawei.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index a77da7aae6fe8..2f1517827995c 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2382,8 +2382,10 @@ int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen)
 	if (in_compat_syscall()) {
 		struct xfrm_translator *xtr = xfrm_get_translator();
 
-		if (!xtr)
+		if (!xtr) {
+			kfree(data);
 			return -EOPNOTSUPP;
+		}
 
 		err = xtr->xlate_user_policy_sockptr(&data, optlen);
 		xfrm_put_translator(xtr);